Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Most of iCloud is encrypted at rest. https://support.apple.com/en-us/HT202303


I think that's not true, note this line in the doc you link to:

"...and never provides encryption keys to any third parties".

The data might be stored encrypted, but Apple seems to have access to the encryption keys. I've read that they need to be able to decrypt data to be able to comply with government requests.

I'm not sure if this is still the case now in 2017, but i assume so, until i read otherwise :)

https://www.macrumors.com/2016/03/16/apple-to-double-down-ic...


> but Apple seems to have access to the encryption keys

Of course, no one claimed that iCould data was E2E. They also need to decrypt the data in order to serve it to their users.


> They also need to decrypt the data in order to serve it to their users.

That's the point, they don't (and shouldn't) need to. As Apple itself says in the above linked article:

"Apple is working to further harden iCloud security so that even it won't be able to access user information stored on its data servers"


Web access means that you've always got one of three things:

1) the company has the encryption key

2) you give the company the encryption key each time you log in and they store it temporarily

3) everything is getting decrypted in the browser locally (probably tremendously infeasible)


#3 is how Mega works.


Interesting omission of iMessage here... since it's not encrypted at rest on their servers.


I can't tell if you're implying that they store iMessages unencrypted, but iMessage is encrypted end-to-end. Backups of your phone, which may or may not contain message histories, are only encrypted at rest.


^ I am implying that they are storing iMessages unencrypted. The iMessages on iPhones/iPads are part of the 'backup' for each device and they are not encrypted at rest on the iCloud server.


You sound very sure of this, what's your source?

As far as I've read, the iCloud backups have always been encrypted at rest, and Apple is apparently working on improving it to the point where they do not hold any decryption keys to the backups [0].

That's why, when you set up a new device, up until now it would not have your message history - because the message history can only be decrypted on devices that are already-authorized. If you restore a backup in its entirety, that includes the message log and the encryption key, but if you set up the device as "new", you only get the newly received messages - since it needs your password to decrypt the backup, it had no way to decrypt the message history from backup on the cloud and only sync that down to the new device (which always bothered me in terms of convenience). I think they're working on improving the usability of it in upcoming releases though.

[0] https://9to5mac.com/2016/02/25/apple-working-on-stronger-icl...


My source, while I wholly acknowledge this is anecdotal and not evidence, is someone in law enforcement tasked with retrieving message logs for investigations. I was pretty skeptical but I've yet found any proof or documentation from Apple's support docs disproving this.

I also recall from the San Bernadino case that the FBI/Apple had the ability to get historic message history from the iCloud backup but the FBI pushed for decrypting the device because of the most recent and not backed up messages.

As for your scenario -- doesn't that explicitly confirm that the messages are not encrypted safely at rest? You can restore to an entirely new device, using the same backup, and retrieve the messages.


> someone in law enforcement tasked with retrieving message logs for investigations.

Right, but do they retrieve them from iCloud? Without Apple's assistance, and without knowing the user's password?

> I was pretty skeptical but I've yet found any proof or documentation from Apple's support docs disproving this.

Well, here's the brief overview: https://support.apple.com/en-us/HT202303

and here's the iOS security whitepaper: https://www.apple.com/business/docs/iOS_Security_Guide.pdf

Which includes a section about iCloud security, including the following section:

  iCloud secures the content by encrypting it when sent 
  over the Internet, storing it in an encrypted format, 
  and using secure tokens for authentication.
I am no security expert, but I am pretty sure FBI wouldn't have a huge fight with Apple if they had any way to get to the data directly (and once they figured out they could use a vuln in the old iOS to break into the device, they did indeed drop the fight).

> FBI/Apple had the ability to get historic message history from the iCloud backup

Right, because they reset the shooter's Apple ID password. Not because the backup was in plaintext.

> As for your scenario -- doesn't that explicitly confirm that the messages are not encrypted safely at rest? You can restore to an entirely new device, using the same backup, and retrieve the messages.

How does that follow? You still need to supply your password to decrypt the backup before you can restore it. From the same security whitepaper:

  When files are created in Data Protection classes that aren’t accessible 
  when the device is locked, their per-file keys are encrypted using the 
  class keys from the iCloud Backup keybag. Files are backed up to iCloud 
  in their original, encrypted state. Files in Data Protection class 
  No Protection are encrypted during transport.

  The iCloud Backup keybag contains asymmetric (Curve25519) keys for each 
  Data Protection class, which are used to encrypt the per-file keys. For 
  more information about the contents of the backup keybag and the iCloud 
  Backup keybag, see “Keychain Data Protection” in the Encryption and Data 
  Protection section.

  The backup set is stored in the user’s iCloud account and consists of a 
  copy of the user’s files, and the iCloud Backup keybag. The iCloud Backup 
  keybag is protected by a random key, which is also stored with the backup 
  set. (The user’s iCloud password isn’t utilized for encryption so that 
  changing the iCloud password won’t invalidate existing backups.)

  While the user’s Keychain database is backed up to iCloud, it remains 
  protected by a UID-tangled key. This allows the Keychain to be restored 
  only to the same device from which it originated, and it means no one 
  else, including Apple, can read the user’s Keychain items.

  On restore, the backed-up files, iCloud Backup keybag, and the key for 
  the keybag are retrieved from the user’s iCloud account. The iCloud Backup 
  keybag is decrypted using its key, then the per-file keys in the keybag 
  are used to decrypt the files in the backup set, which are written as new 
  files to the file system, thus re-encrypting them as per their 
  Data Protection class.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: